|
33 | 33 | provided. |
34 | 34 | \item Functions from a header file \texttt{stdio.h} (e.g. \funnm{fopen}(), |
35 | 35 | \funnm{fprintf}(), and \funnm{fscanf}()), and their file handle \texttt{FILE} |
36 | | -are defined in the standard libc library and use standard system calls like |
37 | | -\funnm{open}(), \funnm{write}(), and \funnm{read}(). From those functions, we |
38 | | -will only use functions for printing to the terminal output like |
| 36 | +are defined in the standard \texttt{libc} library and use standard system calls |
| 37 | +like \funnm{open}(), \funnm{write}(), and \funnm{read}(). From those functions, |
| 38 | +we will only use functions for printing to the terminal output like |
39 | 39 | \funnm{fprintf}(). |
40 | 40 | \end{itemize} |
41 | 41 |
|
|
281 | 281 | can \texttt{rm} all hard links to a specific file but if a process has the file |
282 | 282 | still open, the file data remains on the disk until the process closes the file |
283 | 283 | or terminates. |
284 | | -\item If a process needs a temporary file, it can create it, unlink it right |
285 | | -away, and work with it using the existing file descriptor. When the file |
| 284 | +\item If a process needs a temporary file, it can create it, \texttt{unlink} it |
| 285 | +right away, and work with it using the existing file descriptor. When the file |
286 | 286 | descriptor is closed (and all of its possible duplicates), the file data is |
287 | 287 | released. |
288 | 288 | \item Even \texttt{close} may fail. For example, some filesystems may write the |
|
541 | 541 |
|
542 | 542 | %%%%% |
543 | 543 |
|
| 544 | +ifdef([[[NOSPELLCHECK]]], [[[ |
544 | 545 | \pdfbookmark[1]{dup, dup2}{dup} |
| 546 | +]]]) |
545 | 547 |
|
546 | 548 | \begin{slide} |
547 | 549 | \sltitle{Descriptor duplication: \texttt{dup()}, \texttt{dup2()}} |
|
609 | 611 | will learn about the \texttt{exec} calls on page \pageref{EXEC}. |
610 | 612 | \item To fully understand how redirection works it is good to draw the file |
611 | 613 | descriptor table for each step and where the slots point to. For example, for |
612 | | -the \nth{2} example in the slide, we have the initial state, after \texttt{close(1)} |
613 | | -and \texttt{open("out", ...)}, and the final state, as follows: |
| 614 | +the \nth{2} example in the slide, we have the initial state, after |
| 615 | +\texttt{close(1)} and \texttt{open("out", ...)}, and the final state, as |
| 616 | +follows: |
614 | 617 |
|
615 | 618 | \begin{verbatim} |
616 | 619 | +-------+ +-------+ +-------+ |
|
622 | 625 | +-------+ +-------+ +-------+ |
623 | 626 | \end{verbatim} |
624 | 627 |
|
625 | | -\item You need to pay attention to the state of descriptors. The \nth{2} example |
| 628 | +\item You need to pay attention to the state of descriptors. The \nth{2} example |
626 | 629 | will not work if the descriptor 0 is already closed, as |
627 | 630 | \texttt{open} returns 0 (the first available descriptor) and \texttt{dup} fails |
628 | 631 | while trying to duplicate an already closed descriptor. Possible |
|
726 | 729 | \begin{slide} |
727 | 730 | \sltitle{Get file status information: \texttt{stat()}} |
728 | 731 | \setlength{\baselineskip}{0.9\baselineskip} |
| 732 | +ifdef([[[NOSPELLCHECK]]], [[[ |
729 | 733 | \texttt{int \funnm{stat}(const char *\emph{path}, struct stat *\emph{buf});\\ |
730 | 734 | int \funnm{fstat}(int \emph{fildes}, struct stat *\emph{buf});} |
| 735 | +]]]) |
731 | 736 | \begin{itemize} |
732 | | -\item for a file specified by a path or a file descriptor, returns a struct |
| 737 | +\item for a file specified by a path or a file descriptor, returns a structure |
733 | 738 | containing file information, such as: |
734 | 739 | \begin{itemize} |
735 | 740 | \item \texttt{st\_ino} \dots{} i-node number |
|
794 | 799 | \item access right masks: \verb#S_IRUSR# (owner has read permission), |
795 | 800 | \verb#S_IWGRP# (group has write permission), etc. |
796 | 801 | \end{itemize} |
| 802 | +ifdef([[[NOSPELLCHECK]]], [[[ |
797 | 803 | \texttt{int \funnm{lstat}(const char *\emph{path}, struct stat |
798 | 804 | *\emph{buf});} |
| 805 | +]]]) |
799 | 806 | \begin{itemize} |
800 | 807 | \item if \emph{path} is a symlink, \texttt{stat()} returns information of the |
801 | 808 | file the symlink refers to. This function returns information about the link |
|
920 | 927 | \item Calling \texttt{unlink} on a hardlink will not release the file data if |
921 | 928 | other hardlinks exists. You can delete the symlink's target in which case you |
922 | 929 | end up with a \emph{broken link}. |
923 | | -\item \texttt{readlink} is useful in situation when you want to unlink the |
924 | | -symlink's target. |
| 930 | +\item \texttt{readlink} is useful in situation when you want to \texttt{unlink} |
| 931 | +the symlink's target. |
925 | 932 | \item \emph{\texttt{bufsize}} is typically set as 1 byte less than the buffer |
926 | 933 | size to accommodate the terminating \texttt{NULL} character. |
927 | 934 | \end{itemize} |
|
1092 | 1099 | running the process would have had access to a file if it was not for the SUID |
1093 | 1100 | privileges. However, there is an inherent security hole in this approach. |
1094 | 1101 | The test and the subsequent action on the file is not an atomic operation. An |
1095 | | -attacker could possibly unlink the file and immediately symlink it to a |
| 1102 | +attacker could possibly \texttt{unlink} the file and immediately symlink it to a |
1096 | 1103 | different file to what it actually had no rights to manipulate with. If the |
1097 | 1104 | timing is right, the SUID process will operate on that other file. The correct |
1098 | 1105 | solution is not to use the \texttt{access} call but return to the real UID/GID |
|
1109 | 1116 |
|
1110 | 1117 | \begin{slide} |
1111 | 1118 | \sltitle{Setting file permissions} |
| 1119 | +ifdef([[[NOSPELLCHECK]]], [[[ |
1112 | 1120 | \texttt{int \funnm{chmod}(const char *\emph{path}, mode\_t \emph{mode});} |
| 1121 | +]]]) |
1113 | 1122 | \begin{itemize} |
1114 | 1123 | \item changes permissions of file \emph{path} to \emph{mode}. |
1115 | 1124 | \item can be used by the file owner or root |
1116 | 1125 | \end{itemize} |
| 1126 | +ifdef([[[NOSPELLCHECK]]], [[[ |
1117 | 1127 | \texttt{int \funnm{chown}(const char *\emph{path}, uid\_t \emph{owner}, |
1118 | 1128 | gid\_t \emph{group});} |
| 1129 | +]]]) |
1119 | 1130 | \begin{itemize} |
1120 | 1131 | \item changes file owner and group for \emph{path}. Value of |
1121 | 1132 | \texttt{-1} means do not change that ID. |
|
0 commit comments